diff options
author | James Morris <james.l.morris@oracle.com> | 2014-07-24 11:36:19 (GMT) |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2014-07-24 11:36:19 (GMT) |
commit | 4ca332e11df42604e784bd7da9e483160636d05e (patch) | |
tree | 82e6ba6dff978edc2132e751c19197de50218c7e /security/integrity/ima/Kconfig | |
parent | 6d6f3328422a3bc56b0d8dd026a5de845d2abfa7 (diff) | |
parent | 633706a2ee81637be37b6bc02c5336950cc163b5 (diff) | |
download | linux-4ca332e11df42604e784bd7da9e483160636d05e.tar.xz |
Merge tag 'keys-next-20140722' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
Diffstat (limited to 'security/integrity/ima/Kconfig')
-rw-r--r-- | security/integrity/ima/Kconfig | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 81a2797..08758fb 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -123,3 +123,13 @@ config IMA_APPRAISE For more information on integrity appraisal refer to: <http://linux-ima.sourceforge.net> If unsure, say N. + +config IMA_TRUSTED_KEYRING + bool "Require all keys on the .ima keyring be signed" + depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING + depends on INTEGRITY_ASYMMETRIC_KEYS + select KEYS_DEBUG_PROC_KEYS + default y + help + This option requires that all keys added to the .ima + keyring be signed by a key on the system trusted keyring. |